This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Architecture
IMAGE_FILE_MACHINE_I386
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date
2021-Nov-14 04:05:09
Debug artifacts
D:\_Windows\desktop\VS2015\VS_2012\ybazi\ybazi\obj\x86\Debug\PaiBazi.pdb
Comments
传统子平八字理论。排八字、大运等信息。
CompanyName
南方周易程序
FileDescription
南方排八字专业程序
FileVersion
7.3.4.0
InternalName
PaiBazi.exe
LegalCopyright
Copyright © nanfangSoft 2022
LegalTrademarks
OriginalFilename
PaiBazi.exe
ProductName
南方排八字专业程序
ProductVersion
7.3.4.0
Assembly Version
7.3.4.0
Info
Matching compiler(s):
.NET executable -> Microsoft
Suspicious
Strings found in the binary may indicate undesirable behavior:
Contains references to internet browsers:
Tries to detect virtualized environments:
Hardware\Description\System
Contains domain names:
http://www.nfzhouyi.com
nfzhouyi.com
www.nfzhouyi.com
Info
Cryptographic algorithms detected in the binary:
Uses constants related to MD5
Suspicious
No VirusTotal score.
This file has never been scanned on VirusTotal.
MD5
bfb749b40269e990be0caf59f25f3bd8
SHA1
4e89f0b6e61cc39a65ff88150030b94b2108b619
SHA256
abdd10fbdcd94ee83f9e3cbbb9798b5931de3a3472d5e30030e299001fc36ef8
SHA3
06cb6647a2b3ea29ea99f067bcd2546552b349ff9747019617dd0c65f5a9609a
SSDeep
98304:TYbWpwEOUHvDDDDDDDDDDDDDDDDDBDDDDDDDDDDDDDDDDDDDDDimi8UTpJwKjNy:TYbWpwEOUHMnlpJLk
Imports Hash
f34d5f2d4577ed6d9ceec516c1f5a744
e_magic
MZ
e_cblp
0x90
e_cp
0x3
e_crlc
0
e_cparhdr
0x4
e_minalloc
0
e_maxalloc
0xffff
e_ss
0
e_sp
0xb8
e_csum
0
e_ip
0
e_cs
0
e_ovno
0
e_oemid
0
e_oeminfo
0
e_lfanew
0x80
Signature
PE
Machine
IMAGE_FILE_MACHINE_I386
NumberofSections
3
TimeDateStamp
2021-Nov-14 04:05:09
PointerToSymbolTable
0
NumberOfSymbols
0
SizeOfOptionalHeader
0xe0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Magic
PE32
LinkerVersion
80.0
SizeOfCode
0x307400
SizeOfInitializedData
0x11a00
SizeOfUninitializedData
0
AddressOfEntryPoint
0x00308FE6 (Section: .text)
BaseOfCode
0x2000
BaseOfData
0x30a000
ImageBase
0x400000
SectionAlignment
0x2000
FileAlignment
0x200
OperatingSystemVersion
4.0
ImageVersion
0.0
SubsystemVersion
4.0
Win32VersionValue
0
SizeOfImage
0x31e000
SizeOfHeaders
0x200
Checksum
0
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve
0x100000
SizeofStackCommit
0x1000
SizeofHeapReserve
0x100000
SizeofHeapCommit
0x1000
LoaderFlags
0
NumberOfRvaAndSizes
16
MD5
551c3b332d4a32b76b828c3cf414ad1f
SHA1
82b8de7d807144b123b7d1f33bef4237826d7d54
SHA256
2b549d04ebf80bdc0f5b97b5e204199528b7d2c8ea9ee52c4f77beedb5006da7
SHA3
6dde4208870a1fc6ddff3f416264085ddd62dd16db2a1da1a82e6301f739ba36
VirtualSize
0x30720c
VirtualAddress
0x2000
SizeOfRawData
0x307400
PointerToRawData
0x200
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy
6.77917
MD5
6666dfbeb909682f01e4c1ecfc20a476
SHA1
9805160e662f44804da445d0a4480afe346fdca1
SHA256
389aba1c20bddb262495d2c72f85ae66b7001dff6bb8cb10b31ea67cb6768134
SHA3
4c3a347c3a6e188521cd76c47312e10bfc28ac14d4754eabbab33d505ca1b8d7
VirtualSize
0x1164c
VirtualAddress
0x30a000
SizeOfRawData
0x11800
PointerToRawData
0x307600
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy
4.62291
MD5
dfc299b1c55a1a3f0f65748c839c75cd
SHA1
1027ecc0cdc65bab886c8fa795cb79e8bca69a1a
SHA256
eeb5ee7f4b530bec33cc610e3a7beda3ce3aff4e0e656614623ef9024fad7762
SHA3
d9e60008cd153295535f9c932a1bcb57d5b7379331e8e8295cf7f066e486cb6d
VirtualSize
0xc
VirtualAddress
0x31c000
SizeOfRawData
0x200
PointerToRawData
0x318e00
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy
0.10191
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x10828
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
4.48047
MD5
9b8664a8a9293d42b89e29dadcc5f341
SHA1
bdf935b8c1f20cd1ca40885d0bab37d0eb2821b6
SHA256
4221f3a5f2e1c13a30c5cfbee4bf95056f20b9139916954436bb9f31c532e13c
SHA3
f61b6ffeb43ffddec1ba262ae52bc2a202e2c77dc537a2e0b03111fd73ed2b0c
Type
RT_GROUP_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x14
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
1.98048
Detected Filetype
Icon file
MD5
38388dda6548693f4d42f2241a4218d7
SHA1
78bedd12a20f97e31e58742381f3d0ca1edb4715
SHA256
cd0991dd595a1392452a8c7ccf089e73626bc6eed1fd3f54ee4c6aa7ffbaedba
SHA3
9ace1e9f008d60580379cdfdcd4119706c82d52d2e5fdb9e5745fa00864cc1a8
Type
RT_VERSION
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x35c
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.86268
MD5
adffbe3566dfe2be68851e35c3b66684
SHA1
e66910f433053bc5ee85c51ddde07584611fa434
SHA256
152defef5b9d8f091369434a9a9cf2bea7ce2c805280117ce68e5727df213242
SHA3
63309e908b2497014f27d46f3822205daf7cf91af1a20db11c1fb92b599504e1
Type
RT_MANIFEST
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x97e
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
4.93629
MD5
c3967224a56e0716a0a78a599a119e9c
SHA1
52b50a0f0d02dd96dd3dfde4ab5406e06065b9b0
SHA256
e353485e60fe2434e1f415d0448e646aa093c1cad95602a7e9602f0e7e91b2c4
SHA3
88f5a8c6b28ab4434ed918ede9b1db9526f89c2fbdf63bc070eb9d0e8d1eddb8
Signature
0xfeef04bd
StructVersion
0x10000
FileVersion
7.3.4.0
ProductVersion
7.3.4.0
FileFlags
(EMPTY)
FileOs
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType
VFT_APP
Language
UNKNOWN
Comments
传统子平八字理论。排八字、大运等信息。
CompanyName
南方周易程序
FileDescription
南方排八字专业程序
FileVersion (#2)
7.3.4.0
InternalName
PaiBazi.exe
LegalCopyright
Copyright © nanfangSoft 2022
LegalTrademarks
OriginalFilename
PaiBazi.exe
ProductName
南方排八字专业程序
ProductVersion (#2)
7.3.4.0
Assembly Version
7.3.4.0
Characteristics
0
TimeDateStamp
2021-Nov-14 04:05:09
Version
0.0
SizeofData
284
AddressOfRawData
0x308e78
PointerToRawData
0x307078
Referenced File
D:\_Windows\desktop\VS2015\VS_2012\ybazi\ybazi\obj\x86\Debug\PaiBazi.pdb